delete session cookie when logging out and deleting account

app.lua

@@ -17,8 +17,13 @@ app.layout = require "views.base"
 
 app.cookie_attributes = function (self, name, value)
   if name == config.session_name then
-    local expires = date(true):adddays(30):fmt("${http}")
-    return "Expires="..expires.."; Path=/; HttpOnly; Secure"
+    if not self.session.queue_delete then
+      local expires = date(true):adddays(30):fmt("${http}")
+      return "Expires="..expires.."; Path=/; HttpOnly; Secure"
+    else
+      local expires = date(true):addseconds(-30):fmt("${http}")
+      return "Expires="..expires.."; Path=/; HttpOnly; Secure"
+    end
   end
 end
 

apps/users.lua

@@ -126,8 +126,10 @@ app:post("user_delete", "/:username/delete", function(self)
     return {redirect_to = self:url_for("user_delete_confirm", {username = me.username})}
   end
   
+  local session = Sessions:find({key = self.session.session_key})
+  session:delete()
+  self.session.queue_delete = true
   util.transfer_and_delete_user(target_user)
-  util.inject_infobox(self, "Your account has been added to the deletion queue.")
   return {redirect_to = self:url_for("user_signup")}
 end)
 
@@ -379,7 +381,7 @@ app:post("user_logout", "/logout", function (self)
 
   local session = Sessions:find({key = self.session.session_key})
   session:delete()
-  self.session = nil
+  self.session.queue_delete = true
   return {redirect_to = self:url_for("user_login")}
 end)